example: oauth2 for mcp-auth (#10)

* fix: health endpoint

* example: streamable http

* auth: github

* mcp-auth: oauth

* docs

Author: echarles

.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    groups:
+      github-actions:
+        patterns:
+          - "*"

.github/workflows/fix-license-header.yml

@@ -0,0 +1,62 @@
+name: Fix License Headers
+
+on:
+  pull_request_target:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+    
+jobs:
+  header-license-fix:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Checkout the branch from the PR that triggered the job
+        run: gh pr checkout ${{ github.event.pull_request.number }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Fix License Header
+        # pin to include https://github.com/apache/skywalking-eyes/pull/168
+        uses: apache/skywalking-eyes/header@07a607ff5b0759f5ed47306c865aac50fe9b3985
+        with:
+          mode: fix
+
+      - name: List files changed
+        id: files-changed
+        shell: bash -l {0}
+        run: |
+          set -ex
+          export CHANGES=$(git status --porcelain | tee /tmp/modified.log | wc -l)
+          cat /tmp/modified.log
+
+          echo "N_CHANGES=${CHANGES}" >> $GITHUB_OUTPUT
+
+          git diff
+
+      - name: Commit any changes
+        if: steps.files-changed.outputs.N_CHANGES != '0'
+        shell: bash -l {0}
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          git pull --no-tags
+
+          git add *
+          git commit -m "Automatic application of license header"
+
+          git config push.default upstream
+          git push
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.licenserc.yaml

@@ -0,0 +1,52 @@
+header:
+  license:
+    spdx-id: Datalayer
+    copyright-owner: Datalayer, Inc.
+    copyright-year: 2023-2025
+    content: |
+      Copyright (c) [year] [owner]
+      Distributed under the terms of the Modified BSD License.
+
+  paths-ignore:
+    - '**/*.toml'
+    - '**/*.apt'
+    - '**/*.cedar'
+    - '**/*.dash'
+    - '**/*.fga'
+    - '**/*.ipynb'
+    - '**/*.j2'
+    - '**/*.json'
+    - '**/*.mamba'
+    - '**/*.md'
+    - '**/*.mdx'
+    - '**/*.mod'
+    - '**/*.nblink'
+    - '**/*.rego'
+    - '**/*.sum'
+    - '**/*.svg'
+    - '**/*.template'
+    - '**/*.tsbuildinfo'
+    - '**/*.txt'
+    - '**/*.yaml'
+    - '**/*.yml'
+    - '**/*_key'
+    - '**/*_key.pub'
+    - '**/.*'
+    - '**/LICENSE.txt'
+    - '**/MANIFEST.in'
+    - '**/build'
+    - '**/lib'
+    - '**/node_modules'
+    - '**/schemas'
+    - '**/ssh/*'
+    - '**/static'
+    - '**/themes'
+    - '**/typings'
+    - '**/*.patch'
+    - '**/*.bundle.js'
+    - '**/*.map.js'
+    - 'LICENSE'
+    - 'src/stories'
+    - '.husky/pre-commit'
+
+  comment: on-failure

README.md

@@ -17,7 +17,7 @@
 [![License](https://img.shields.io/badge/license-BSD--3--Clause-green)](LICENSE)
 [![Docker](https://img.shields.io/badge/docker-ready-blue)](Dockerfile)
 
-> **A powerful, production-ready framework for composing and orchestrating Model Context Protocol (MCP) servers with advanced management capabilities, REST API, and modern Web UI.**
+> **Similar to Docker Compose - Orchestrate Model Context Protocol (MCP) servers with management capabilities, REST API, and Web UI.**
 
 ## 🎯 Overview
 

examples/mcp-auth/Makefile

@@ -59,6 +59,19 @@ agent:
 	@echo ""
 	mcp-auth-agent azure-openai:gpt-4o-mini
 
+
+# Run MCP Inspector
+inspector:
+	@echo "🔍 Starting Model Context Protocol Inspector..."
+	npx @modelcontextprotocol/inspector
+
+# Test Dynamic Client Registration
+test-dcr:
+	@echo "🧪 Testing Dynamic Client Registration (DCR)..."
+	@echo "Make sure the server is running in another terminal: make server"
+	@echo ""
+	python test_dcr.py
+
 # Run tests
 test:
 	@echo "🧪 Running tests..."

examples/mcp-auth/README.md

@@ -15,6 +15,7 @@ A clear, educational example demonstrating OAuth2 authentication for MCP (Model
 ## 📚 What You'll Learn
 
 - **OAuth2** - Authorization Code flow with PKCE
+- **Dynamic Client Registration (DCR)** - RFC 7591 implementation for automatic client registration
 - **MCP Authorization** - Official specification (2025-06-18)
 - **Security** - Token validation, CSRF protection, resource indicators
 - **MCP SDK** - Building servers with FastMCP and clients with MCP SDK
@@ -39,9 +40,11 @@ make install
 |------|---------|------------------|
 | **[docs/QUICKSTART.md](docs/QUICKSTART.md)** | Get running in 5 minutes | You want to try it immediately |
 | **[docs/GITHUB.md](docs/GITHUB.md)** | GitHub OAuth app setup | Setting up for the first time |
+| **[docs/INSPECTOR.md](docs/INSPECTOR.md)** | MCP Inspector setup and testing | You want to test with MCP Inspector |
 | **[docs/FLOW_EXPLAINED.md](docs/FLOW_EXPLAINED.md)** | Detailed OAuth flow | You want to understand how it works |
 | **[docs/DIAGRAMS.md](docs/DIAGRAMS.md)** | Visual explanations | You prefer diagrams |
 | **[docs/IMPLEMENTATION.md](docs/IMPLEMENTATION.md)** | Technical details | You're implementing your own |
+| **[docs/DYNAMIC_CLIENT_REGISTRATION.md](docs/DYNAMIC_CLIENT_REGISTRATION.md)** | Dynamic Client Registration (DCR) | You want to understand automatic client registration |
 
 ## 📁 Project Structure
 
@@ -75,7 +78,7 @@ mcp-auth/
    - OAuth2 endpoints integrated with FastAPI
    - Three example tools (calculator, greeter, server_info)
    - Token validation middleware
-   - Compatible with both SSE and STDIO transports
+   - Uses **HTTP Streaming (NDJSON)** transport for efficient communication
 
 ### 2. **MCP Client** (`mcp_auth_example/client.py`)
    - Built with **official MCP Python SDK**
@@ -101,22 +104,22 @@ mcp-auth/
    - Implements MCP Authorization specification (2025-06-18)
    - Exposes OAuth metadata endpoints (RFC 9728, RFC 8414)
    - Validates access tokens before serving tools
-   - Provides MCP tools via HTTP/SSE transport
+   - Provides MCP tools via **HTTP Streaming (NDJSON)** transport
    - Tools: calculator (add, multiply), greeter (hello, goodbye), server info
 
 ### 2. **MCP Client** (`mcp_auth_example/client.py`)
    - Handles OAuth2 flow with GitHub
    - Automatically opens browser for user authentication
    - Manages access tokens
    - Connects to MCP server using **MCP SDK client**
-   - Makes authenticated requests via MCP protocol (SSE transport)
-   - Demonstrates proper MCP tool invocation
+   - Makes authenticated requests via MCP protocol (**HTTP Streaming transport**)
+   - Demonstrates proper MCP tool invocation with NDJSON format
 
 ### 3. **Pydantic AI Agent** (`mcp_auth_example/agent.py`) ✨ NEW
    - Interactive CLI agent powered by **pydantic-ai**
    - Uses **Anthropic Claude Sonnet 4.5** model
    - Automatically authenticates with OAuth2
-   - Connects to MCP server with authenticated tools
+   - Connects to MCP server with authenticated tools via HTTP Streaming
    - Natural language interface to MCP tools
    - Example: "What is 15 + 27?" → Uses calculator_add tool
 

examples/mcp-auth/config.template.json …s/mcp-auth/config.template.json.disabledexamples/mcp-auth/config.template.json renamed to examples/mcp-auth/config.template.json.disabled examples/mcp-auth/config.template.json renamed to examples/mcp-auth/config.template.json.disabled

@@ -65,8 +65,8 @@ The agent provides a natural language interface to the MCP server tools, powered
 │                           │                                 │
 │                           ▼                                 │
 │  ┌─────────────────────────────────────────────────────┐   │
-│  │  MCPServerSSE (pydantic_ai.mcp)                     │   │
-│  │  - URL: http://localhost:8080/sse                   │   │
+│  │  MCPServerStreamableHTTP (pydantic_ai.mcp)          │   │
+│  │  - URL: http://localhost:8080/mcp                   │   │
 │  │  - Auth: Bearer token from OAuth                    │   │
 │  │  - Tools: calculator_*, greeter_*, get_server_info  │   │
 │  └─────────────────────────────────────────────────────┘   │
@@ -77,7 +77,7 @@ The agent provides a natural language interface to the MCP server tools, powered
 │              MCP Server (server.py)                         │
 │  - Validates Bearer token with GitHub                       │
 │  - Executes tool functions                                  │
-│  - Returns results via SSE                                  │
+│  - Returns results via HTTP Streaming (NDJSON)              │
 └─────────────────────────────────────────────────────────────┘
 ```
 
@@ -88,16 +88,16 @@ The agent provides a natural language interface to the MCP server tools, powered
    - Manages PKCE flow for security
    - Returns access token for MCP server
 
-2. **Agent Setup** (`agent.py`)
+3. **Agent Setup** (`agent.py`)
    - Creates `httpx.AsyncClient` with Bearer token
-   - Initializes `MCPServerSSE` connection
+   - Initializes `MCPServerStreamableHTTP` connection
    - Creates `Agent` with Anthropic Claude model
    - Registers MCP server as toolset
 
-3. **Tool Invocation Flow**
+4. **Tool Invocation Flow**
    - User types natural language query
    - Agent (Claude) analyzes query and decides which tool to call
-   - Agent calls tool via MCP protocol (HTTP SSE)
+   - Agent calls tool via MCP protocol (HTTP Streaming)
    - MCP server validates token and executes tool
    - Agent receives result and formulates response
    - Agent displays natural language answer to user
@@ -121,17 +121,17 @@ if oauth.authenticate():
 ```python
 import httpx
 from pydantic_ai import Agent
-from pydantic_ai.mcp import MCPServerSSE
+from pydantic_ai.mcp import MCPServerStreamableHTTP
 
 # Create HTTP client with authentication
 http_client = httpx.AsyncClient(
     headers={"Authorization": f"Bearer {token}"},
-    timeout=httpx.Timeout(30.0)
+    timeout=30.0
 )
 
 # Connect to MCP server
-mcp_server = MCPServerSSE(
-    url=f"{server_url}/sse",
+mcp_server = MCPServerStreamableHTTP(
+    url=f"{server_url}/mcp",
     http_client=http_client
 )